Test the OpenSSO Deployment Documents

I know there are people out there who have been wondering where my blog entries have been for the last two and a half months - and to both of you I say: I've been assiduously (thanks for the word, Alan) working on two deployment books for release with Sun OpenSSO Enterprise 8.0. Here are links to the PDFs - test them out and let me know what you think.

But all that work has made me drowsy so I'm taking two weeks off now. In the meantime, enjoy As We Stumble Along featuring Robert Martin as Man in Chair and Beth Leavel as The Drowsy Chaperone. You gotta love a song that rhymes stumble with...parumble?

Doc, these seem to be just what I was looking for. But I do have one suggestion.

I'd expect most OpenSSO users are much earlier in the learning curve than these examples. I certainly am not nearly ready to tackle federation, load balancing and all that. I'd much rather have something much simpler that leads me thru getting a PEP and PDP into action with a simple set of policies and rules with the embedded LDAP; i.e. the simplest setup that could possibly work while exhibiting best practices; perhaps SAML2 with an Apache PEP (2.2 in my case)?

I'd feel much more willing to tackle advanced configs once I had something people could really use on the air. OpenSSO PDP alone doesn't qualify.

There's plenty out there on how to install OpenSSO. Essentially nothing about how to hook up a working PEP. Trust me, I've looked.

Doc, for the SAE configuration, you need to specify that for each of the "Per Application Security Configuration properties" (step 16), the reader should replace the encrypted hash value (secret=...) with the hashed value they obtained in step 5 (from encode.jsp).

One minor issue is in 6.2 on use of sub realm. We got an 'Organization not found' error. Unlike AM7.1 I believe the specification of the sub-realm must include a leading / to work successfully in OpenSSO i.e. .../UI/Login?realm=/users